为什么码头工人在备份数据量时提示“权限被拒绝”?

我正在关注docker文档以测试数据卷的备份过程。

以下两个步骤都可以:

docker create -v /dbdata --name dbdata training/postgres /bin/true

docker run -d --volumes-from dbdata --name db1 training/postgres

但是备份数据的输出为:

[root@localhost data]# docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata

tar: /backup/backup.tar: Cannot open: Permission denied

tar: Error is not recoverable: exiting now

[root@localhost data]# pwd

/root/data

[root@localhost data]# ls -alt

total 4

drwxrwxrwx. 2 root root 6 May 7 21:33 .

drwxrwx-w-. 15 root root 4096 May 7 21:33 ..

我以root用户身份工作,为什么会提示“ Permission denied”?

执行调试命令后:

docker run --name ins --volumes-from dbdata -v $(pwd):/backup ubuntu sleep 99999 &

docker inspect ins

输出为:

    [{

"AppArmorProfile": "",

"Args": [

"99999"

],

"Config": {

"AttachStderr": true,

"AttachStdin": false,

"AttachStdout": true,

"Cmd": [

"sleep",

"99999"

],

"CpuShares": 0,

"Cpuset": "",

"Domainname": "",

"Entrypoint": null,

"Env": null,

"ExposedPorts": null,

"Hostname": "83e3e1715648",

"Image": "ubuntu",

"MacAddress": "",

"Memory": 0,

"MemorySwap": 0,

"NetworkDisabled": false,

"OnBuild": null,

"OpenStdin": false,

"PortSpecs": null,

"StdinOnce": false,

"Tty": false,

"User": "",

"Volumes": null,

"WorkingDir": ""

},

"Created": "2015-05-08T01:36:35.564512894Z",

"Driver": "devicemapper",

"ExecDriver": "native-0.2",

"ExecIDs": null,

"HostConfig": {

"Binds": [

"/root/data:/backup"

],

"CapAdd": null,

"CapDrop": null,

"ContainerIDFile": "",

"Devices": [],

"Dns": null,

"DnsSearch": null,

"ExtraHosts": null,

"IpcMode": "",

"Links": null,

"LxcConf": [],

"NetworkMode": "bridge",

"PidMode": "",

"PortBindings": {},

"Privileged": false,

"PublishAllPorts": false,

"ReadonlyRootfs": false,

"RestartPolicy": {

"MaximumRetryCount": 0,

"Name": ""

},

"SecurityOpt": null,

"VolumesFrom": [

"dbdata"

]

},

"HostnamePath": "/var/lib/docker/containers/83e3e171564841460b206a8699c1890e2b910bcd2232fdc7202cbff9210b5362/hostname",

"HostsPath": "/var/lib/docker/containers/83e3e171564841460b206a8699c1890e2b910bcd2232fdc7202cbff9210b5362/hosts",

"Id": "83e3e171564841460b206a8699c1890e2b910bcd2232fdc7202cbff9210b5362",

"Image": "07f8e8c5e66084bef8f848877857537ffe1c47edd01a93af27e7161672ad0e95",

"MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c414,c650",

"Name": "/ins",

"NetworkSettings": {

"Bridge": "docker0",

"Gateway": "172.17.42.1",

"GlobalIPv6Address": "",

"GlobalIPv6PrefixLen": 0,

"IPAddress": "172.17.0.6",

"IPPrefixLen": 16,

"IPv6Gateway": "",

"LinkLocalIPv6Address": "fe80::42:acff:fe11:6",

"LinkLocalIPv6PrefixLen": 64,

"MacAddress": "02:42:ac:11:00:06",

"PortMapping": null,

"Ports": {}

},

"Path": "sleep",

"ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c414,c650",

"ResolvConfPath": "/var/lib/docker/containers/83e3e171564841460b206a8699c1890e2b910bcd2232fdc7202cbff9210b5362/resolv.conf",

"RestartCount": 0,

"State": {

"Error": "",

"ExitCode": 0,

"FinishedAt": "0001-01-01T00:00:00Z",

"OOMKilled": false,

"Paused": false,

"Pid": 3614,

"Restarting": false,

"Running": true,

"StartedAt": "2015-05-08T01:36:36.231389015Z"

},

"Volumes": {

"/backup": "/root/data",

"/dbdata": "/var/lib/docker/vfs/dir/df0378f15f61c8f2e220421968fe181cdcf1a03613218c716c81477dda4bdf76"

},

"VolumesRW": {

"/backup": true,

"/dbdata": true

}

}

]

我也尝试以下命令:

[root@localhost data]# docker run --volumes-from dbdata -v $(pwd):/backup -it ubuntu

root@e59c628417f5:/# ls

backup bin boot dbdata dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var

root@e59c628417f5:/# ls -alt

total 72

......

drwxrwxrwx. 2 root root 6 May 8 01:33 backup

......

root@e59c628417f5:/# ls -alt backup/

ls: cannot open directory backup/: Permission denied

因此,我认为根本原因仍然在于用户权限。

回答:

我只是尝试了您列出的命令,它们在OSX平台和简单的Linux平台下都对我有用。问题是您正在将$(pwd)(从主机)安装到/

backup(在ubuntu映像中,上面运行的第三个docker)。

我怀疑当您启动命令时,您是否位于不可写的目录中?我试图让它失败是这样的:

mkdir failme

chmod 000 failme

cd failme

docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata

但是,它有效:-)

所以,我进入了一个root不能写的目录:

cd /proc

root@kube:/proc# docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata

tar: /backup/backup.tar: Cannot open: Permission denied

tar: Error is not recoverable: exiting now

您是否可能是从无法由root写入的目录开始的?

请将输出发布到以下命令:首先,运行:

docker run --name ins --volumes-from dbdata -v $(pwd):/backup ubuntu sleep 99999 &

(而不是您列出的backup command命令。)

然后进行检查并发布结果:

docker inspect ins

答案是那是由selinux引起的错误。原始海报找到了答案:

setenforce 0

以上是 为什么码头工人在备份数据量时提示“权限被拒绝”? 的全部内容, 来源链接: utcz.com/qa/403714.html

回到顶部